woensdag 20 februari 2013

The search for the diamond mole at Brinks

In the evening of Monday Feb 18th some people won the jackpot. Diamonds with a value of 50 million US Dollar was stolen during a heist at the Brussels Airport.

The fact that most Belgian Airports are easy accessible, is a commonly known public secret. Many TV shows have been proving this weak security. And a few days before the raid, a 12 year old child was able to take a free flight to Spain bypassing all security. So just say: Physical Security fails big time.

When writing this article, the Belgian police is still trying to catch the robbers and trying to find the possible "internal Brinks mole" that help the diamond heist.

But when I read that Brinks would refund it's customers without any problem and shame, I was wondering why. Compared to other raids, Brinks is this time very quickly in announcing to provide full refund. Does this have something to do with the Diamond mole?

The Belgian police is maybe looking for a Brinks employee, who provided the shipping details to some criminals, But did someone think about the Brinks network?

The diamond transport service of Brinks is been handled by Brinksglobal.com. A nice looking website which offers it's customers an easy online way to handle and track their shipments. An Adobe flash page is used as login page. Indeed, would this page might be prone to zero day attacks?

And once you are logged in, you might have fun with SQLi attacks? I would not be surprised that those criminals had some hackers active to penetrate the Brinks network and get all the shipping details.

Maybe Brinks knew about this hack and therefore tries to stop every rumour by quickly communicating to the public that all customers will be refunded. Trying to save its credibility and avoiding clains in regards of privacyleaks which is worth even more.

Let's wait and see what the professionals will tell as this is a simple thought.